Month: October 2018

On the heels of a $300 million funding round valued at $1.2 billion, Postmates is making its Unlimited monthly subscription product a bit more economical. Postmates Unlimited, which costs $9.99 per month ( or $7.99 per month paid annually), is lowering its minimum order size from $20 to $15. That means in order to get free delivery, you have to spend at least $15.

The on-demand delivery startup first launched its Amazon Prime-style subscription service in March 2016. At the time, the minimum order fee was $30. Just a few months later, Postmates lowered the minimum cart size to $25.

Postmates says one of every three orders come via its Unlimited members. Postmates has also doubled the number of people subscribed to Unlimited, touting “hundreds of thousands” of Unlimited customers and 300 percent growth year over year.

Postmates competitor DoorDash similarly offers a subscription service for free delivery. In August, DoorDash unveiled DashPass to offer free deliveries for orders of at least $15. Starting today, DoorDash is offering free one-week trials of its service.

Overall, Postmates says it completes millions of deliveries a month and is profitable in 90 percent of its markets. Postmates is currently available in more than 400 U.S. cities, as well as in Mexico City.

If you ever wanted to use your Google Assistant to book you a ride with Uber or Lyft, your wishes have been heard. Starting today, you’ll be able to use your voice to ask Google’s virtual assistant to book you a car from Uber, Lyft, Ola, Grab, GO-JEK and similar services.

The new feature works with Google Assistant-enabled speakers and on phones. You can either request a car from a specific company or place a more generic request (“Hey Google, book a car to PDX”) and the assistant will return current pricing for all the supported ridesharing services in your area.

To actually book the ride, the Assistant will then hand you off to the ridesharing company’s mobile app, though.

Still, it’s a useful feature if you want to quickly compare prices or are frantically running around the house, trying to pack your suitcase for your next trip, and want to get a car quickly.

Lilian Rincon, Google’s director for the Assistant, told me that having a similar feature in Google Maps already made it easier to implement this in the Assistant, too.

“We think of the Google Assistant as highlighting the best of Google,” she said. “There is a ridesharing feature in Google Maps and we’ve been working very closely with that team to highlight this.”

It’s worth noting that Google announced a redesign of the visual side of the Google Assistant yesterday. This new feature isn’t directly linked to that as far as I can tell, but it does show some of that same focus on bringing more visual elements to the Assistant experience by showing you a list of prices and a map.

The new feature is now rolling out globally, but only in English. It’ll expand to other languages over time.

Thursday’s explosive story by Bloomberg reveals detailed allegations that the Chinese military embedded tiny chips into servers, which made their way into datacenters operated by dozens of major U.S. companies.

We covered the story earlier, including denials by Apple, Amazon and Supermicro — the server maker that was reportedly targeted by the Chinese government. Amazon said in a blog post that it “employs stringent security standards across our supply chain.” The FBI and the Office for the Director of National Intelligence did not comment, but denied comment to Bloomberg.

Much of the story can be summed up with this one line from a former U.S. official: “Attacking Supermicro motherboards is like attacking Windows. It’s like attacking the whole world.”

It’s a fair point. Supermicro is one of the biggest tech companies you’ve probably never heard of. It’s a computing supergiant based in San Jose, Calif. with global manufacturing operations across the world — including China, where it builds most of its motherboards. Those motherboards trickle throughout the rest of the world’s tech — and were used in Amazon’s datacenter servers that powers its Amazon Web Services cloud and Apple’s iCloud.

One government official speaking to Bloomberg said China’s goal was “long-term access to high-value corporate secrets and sensitive government networks,” which fits into the playbook of China’s long-running effort to steal intellectual property.

“No consumer data is known to have been stolen,” said Bloomberg.

Infiltrating Supermicro, if true, will have a long lasting ripple effect on the wider tech industry and how they approach their own supply chains. Make no mistake – introducing any kind of external tech in your datacenter isn’t taken lightly by any tech company. Fears of corporate and state-sponsored espionage has been rife for years. It’s chief among the reasons why the U.S. and Australia have effectively banned some Chinese telecom giants — like ZTE — from operating on its networks.

Having a key part of your manufacturing process infiltrated — effectively hacked — puts every believed-to-be-secure supply chain into question.

With nearly every consumer electronics or automobile, manufacturers have to procure different parts and components from various sources across the globe. Ensuring the integrity of each component is near impossible. But because so many components are sourced from or assembled in China, it’s far easier for Beijing than any other country to infiltrate without anyone noticing.

The big question now is how to secure the supply chain?

Companies have long seen supply chain threats as a major risk factor. Apple and Amazon are down more than 1 percent in early Thursday trading and Supermicro is down more than 35 percent (at the time of writing) following the news. But companies are acutely aware that pulling out of China will cost them more. Labor and assembly is far cheaper in China, and specialist parts and specific components often can’t be found elsewhere.

Instead, locking down the existing supply chain is the only viable option.

Security giant Crowdstrike recently found that the vast majority — nine out of ten companies — have suffered a software supply chain attack, where a supplier or part manufacturer was hit by ransomware, resulting in a shutdown of operations.

But protecting the hardware supply chain is a different task altogether — not least for the logistical challenge.

Several companies have already identified the risk of manufacturing attacks and taken steps to mitigate. BlackBerry was one of the first companies to introduce root of trust in its phones — a security feature that cryptographically signs the components in each device, effectively preventing the device’s hardware from tampering. Google’s new Titan security key tries to prevent manufacturing-level attacks by baking in the encryption in the hardware chips before the key is assembled.

Albeit at start, it’s not a one-size-fits-all solution. Former NSA hacker Jake Williams, founder of Rendition Infosec, said that even those hardware security mitigations may not have been enough to protect against the Chinese if the implanted chips had direct memory access.

“They can modify memory directly after the secure boot process is finished,” he told TechCrunch.

Some have even pointed to blockchain as a possible solution. By cryptographically signing — like in root of trust — each step of the manufacturing process, blockchain can be used to track goods, chips, and components throughout the chain.

Instead, manufacturers often have to act reactively and deal with threats as they emerge.

According to Bloomberg, “since the implanted chips were designed to ping anonymous computers on the internet for further instructions, operatives could hack those computers to identify others who’d been affected.”

Williams said that the report highlights the need for network security monitoring. “While your average organization lacks the resources to discover a hardware implant (such as those discovered to be used by the [Chinese government]), they can see evidence of attackers on the network,” he said.

“It’s important to remember that the malicious chip isn’t magic — to be useful, it must still communicate with a remote server to receive commands and exfiltrate data,” he said. “This is where investigators will be able to discover a compromise.”

The intelligence community is said to be still investigating after it first detected the Chinese spying effort, some three years after it first opened a probe. The investigation is believed to be classified — and no U.S. intelligence officials have yet to talk on the record — even to assuage fears.

As the summer of MoviePass quickly turned into the bummer of MoviePass, the company has been trying all manner of Hail Maries to keep the dream alive. And while the movie ticket startup has been burning through cash like crazy, securing funding apparently hasn’t been an issue.

This week, MoviePass’ parent company Helios & Matheson secured an additional $63 million in funding. MoviePass has since confirmed the funding with TechCrunch, but won’t go into any additional details regarding what it plans to do with the money.

Helios & Matheson CEO Ted Farnsworth was a bit more open — if not particularly specific — about what all this means. “We’re still here, and we’re not going anywhere,” he told The Wrap. “We’re doing M&A, we’re looking at all kinds of acquisitions at any given time and we’ll grow the company that way and I think you’ll see over the next few weeks,”

In the short term, at least, that means keeping the lights on over at MoviePass, as the service adjusts plans and expectations in hopes of retaining customers and becoming profitable. It’s a pretty massive mountain to climb, given how the product was positioned at the height of its powers.

“[T]echnically subscription alone right now is doing just fine, now it’s tacking on all the other things on top of it,” Farnsworth said. “What we’re doing now is we’re proving out our model.”

The plan includes creating original content in the vein of Netflix, though, the company’s first acquisition, Gotti, wasn’t exactly an auspicious beginning for those grand plans. 

Quantum computing represents tremendous promise to completely alter technology as we’ve known it, allowing operations that weren’t previously possible with traditional computing. The downside of these powerful machines is that they could be strong enough to break conventional cryptography schemes. Today, BlackBerry announced a new quantum-resistant code signing service to help battle that possibility.

The service is meant to anticipate a problem that doesn’t exist yet. Perhaps that’s why BlackBerry hedged its bets in the announcement saying,”The new solution will allow software to be digitally signed using a scheme that will be hard to break with a quantum computer.” Until we have fully functioning quantum computers capable of breaking current encryption, we probably won’t know for sure if this works.

But give BlackBerry credit for getting ahead of the curve and trying to solve a problem that has concerned technologists as quantum computers begin to evolve. The solution, which will be available next month, is actually the product a partnership between BlackBerry and Isara Corporation, a company whose mission is to build quantum-safe security solutions. BlackBerry is using Isara’s cryptographic libraries to help sign and protect code as security evolves.

“By adding the quantum-resistant code signing server to our cybersecurity tools, we will be able to address a major security concern for industries that rely on assets that will be in use for a long time. If your product, whether it’s a car or critical piece of infrastructure, needs to be functional 10-15 years from now, you need to be concerned about quantum computing attacks,” Charles Eagan BlackBerry’s Chief Technology Officer said in a statement.

While experts argue how long it could take to build a fully-functioning quantum computer, most agree that it will take between 50 and 100 qubit computers to begin realizing that vision. IBM released a 20 Qubit computer last year and introduced a 50 Qubit prototype. A Qubit represents a single unit of quantum information.

At TechCrunch Disrupt last month, Dario Gil, IBM’s vice president of artificial intelligence and quantum computing, and Chad Rigetti, a former IBM researcher who is founder and CEO at Rigetti Computing, predicted we could be just three years away from the point where a quantum computer surpasses traditional computing.

Whether it happens that quickly or not remains to be seen, but experts have been expressing security concerns around quantum computing as they grow more powerful, and BlackBerry is addressing that concern by coming up with a solution today, arguing that if you are creating critical infrastructure you need to future-proof your security.

BlackBerry, once known for highly secure phones, and one of the earliest popular, business smart phones, has pivoted to be more of a security company in recent years. This announcement, made at the BlackBerry Security Summit, is part of the company’s focus on keeping enterprises secure.

Walgreens has entered into a strategic partnership with beauty-in-a-box startup Birchbox, which will involve building Birchbox experiences inside Walgreens’ stores so customers can shop and try new brands. The deal also sees Walgreens acquiring a minority equity interest in Birchbox, the companies said.

The deal follows a change to Birchbox’s ownership structure reported earlier this year where Birchbox investor Viking Global took a majority stake in the New York-based beauty company. The deal wiped out Birchbox’s other VC investors’ stakes, including Accel Partners and First Round Capital, Recode had noted at the time. Those VCs walked away with nothing.

Birchbox had previously raised almost $90 million from VCs, and was once valued at nearly $500 million, but had struggled with growth and profitability, forcing it to make changes to its cap table after failing to find a buyer.

Despite having become a brand name in the space it helped to define – subscription box startups – Birchbox has been facing competition from Ipsy, Glossybox, Sephora and Allure Magazine. Even Target and Amazon do their own beauty boxes now. The company continues to report “over 2.5 million” active users – the same number it had in May.

The Walgreens deal will help Birchbox reach new customers by allowing it to establish an expanded brick-and-mortar presence.

Meanwhile, Walgreens benefits by bringing popular beauty brands under its roof, potentially attracting new customers to its stores – store which generally feature “drugstore beauty brands” like Covergirl, Maybelline, Revlon and others.

“This is an exciting time for beauty at Walgreens,” said Richard Ashworth, President of Operations at Walgreens, in a statement about the deal. “Our customers want to shop the most sought-after brands in a welcoming and accessible environment, and the addition of Birchbox to our growing beauty offering is a big step in delivering on our promise to differentiate and elevate the beauty experience at Walgreens. This collaboration will help enable Walgreens to continue to strengthen our beauty offering and build our prestige portfolio,” he added.

Walgreens says it will dedicate space in its stores to Birchbox experiences that feature its branding, which will include curated assortments of full-sized skincare, hair and makeup products from over 40 brands. Participating brands include Sand & Sky, Wander Beauty, Beachwaver, RMS beauty, Huxley, Davroe, Acure, IPKN, Embryolisse, Winky Lux and ARROW.

This rollout will begin in 11 stores across major U.S. cities. Six stores in Chicago, L.A., NYC, and Minneapolis will launch Birchbox experiences this December, followed by five stores in Chicago, Dallas, L.A. and Miami in early 2019.

At pilot stores, Birchbox will also offer subscriptions to its monthly delivery service of samples, and a “Build Your Own Birchbox” experience like it has at its own flagship stores in New York and Paris.

Embracing digital-first consumer brands is something all big players like to do these days. Target, for example, now stocks Casper mattresses, and just added two more digital-first brands to its in-store assortment with Quip toothbrushes and Native deodorant. Amazon dedicates a whole section of its site to startups, called Amazon Launchpad.

Walgreens, however, has been marketing itself more recently not as a place that embraces digital-first, modern brands and is looking forward into the future, but instead as place with a very long history. Its ad campaigns touted that it’s been “trusted since 1901,” and focused on the consistency of its experience over time.

Birchbox declined to share additional details about the deal.

 

There are currently two main open source foundations that focus on JavaScript: the JavaScript (JS) Foundation, which was founded in 2016, and the Node.js Foundation, which launched in 2015. The JS Foundation’s mission is to shepherd the ecosystem around the language while Node.js obviously focuses on the Node.js technology for using JavaScript server-side with the help of Google’s V8 engine and growing that ecosystem. Now, these two foundations want to merge.

This is not a done deal and the two organizations plan to take get feedback from their respective communities, starting with an in-person Q&A at the upcoming Node+JS Interactive conference, as well as online.

“Joining forces will not change the technical independence or autonomy for Node.js or any of the 28 JS Foundation projects such as Appium, ESLint, or jQuery,” the two organizations write in today’s announcement. “JavaScript is a versatile programming language that has expanded far beyond its role as a backbone of the web, entering new environments such as IoT, native apps, DevOps, and protocols. As the ecosystem continues to evolve — moving from browsers to servers, desktop applications to embedded devices — increased collaboration in the JavaScript ecosystem is more important than ever to sustain continued and healthy growth.”

And indeed, that increased collaboration across the ecosystem is what seems to be at the core of this move. “The Foundation leaders and key technical stakeholders believe that a tighter alignment of communities will expand the scope of the current Foundations and enable greater support for Node.js and a broader range of JavaScript projects,” noted Mike Dolan, Vice President of Strategic Programs at the Linux Foundation, in today’s announcement.

The ultimate goals of the merger are to “enhance operational excellence,” to increase collaboration and to increase the collaboration across JavaScript ecosystems and to create a single organization that can become the home for any JavaScript project.

If this merger happens, then it’ll surely help both groups already sit underneath the umbrella of the Linux Foundation, which should make the transition relatively easy, assuming the community agrees. There is also some overlap between the two groups’ members, though probably less than you’d expect. While IBM is a platinum member of both, for example, Google is a platinum member of the Node.JS foundation but doesn’t sponsor the JS Foundation. Similarly, Samsung is a top-level sponsor of the JS Foundation but is nowhere to be found on the Node.JS Foundations’ site. It’s probably no surprise then, that one of the stated goals of the merger is also “streamlined member engagement.”

 

 

Atlassian’s Jira has become a standard for managing large software projects in many companies. Many of those same companies also use GitHub as their source code repository and, unsurprisingly, there has long been an official way to integrate the two. That old way, however, was often slow, limited in its capabilities and unable to cope with the large code bases that many enterprises now manage on GitHub .

Almost as if to prove that GitHub remains committed to an open ecosystem, even after the Microsoft acquisition, the company today announced a new and improved integration between the two products.

“Working with Atlassian on the Jira integration was really important for us,” GitHub’s director of ecosystem engineering Kyle Daigle told me ahead of the announcement. “Because we want to make sure that our developer customers are getting the best experience of our open platform that they can have, regardless of what tools they use.”

So a couple of months ago, the team decided to build its own Jira integration from the ground up, and it’s committed to maintaining and improving it over time. As Daigle noted, the improvements here include better performance and a better user experience.

The new integration now also makes it easier to view all the pull requests, commits and branches from GitHub that are associated with a Jira issue, search for issues based on information from GitHub and see the status of the development work right in Jira, too. And because changes in GitHub trigger an update to Jira, too, that data should remain up to date at all times.

The old Jira integration over the so-called Jira DVCS connector will be deprecated and GitHub will start prompting existing users to do the upgrade over the next few weeks. The new integration is now a GitHub app, so that also comes with all of the security features the platform has to offer.

Brandwatch — the UK-HQ’d social intelligence company which raised $65M from European VCs Nauta Capital, Highland Europe and Partech — is to merge with another leading player in the space, Crimson Hexagon. The merger, expected to close in Q4, will (say the companies) create a business with around $100M in recurring annual revenues. The merged entity will simply be called Brandwatch.

The idea is to create new, artificial intelligence-driven products to help brands understand consumer behaviour, especially via social media.

In a statement Giles Palmer, Founder and CEO of Brandwatch, said: “In this digitally connected world, our vision is to transform how organizations understand their consumers through products that bring structure and meaning to the public voices of billions of people. This merger allows us to accelerate towards that vision and move beyond social listening to innovate at the cross section of brand, market and consumer intelligence.”

Palmer will become CEO of the merged entity, backed by a leadership drawing from executives on both sides (names, roles not yet formally announced). The combined board also will be made up of investors from both sides.

Chris Bingham, Chief Technology Officer at Crimson Hexagon said: “I am very excited to know that our 11 year investment in AI and Machine Learning is so valued by Brandwatch, and that it will be at the very core of our new integrated platform.”

The products both companies offer will eventually be merged but for now the products they offer will continue to be supported and operate independently “for an extended period.”

Brandwatch counts Unilever, Walmart and Dell as clients. The company has made two acquisitions to date: PeerIndex (2013) and BuzzSumo (2017) as a standalone content marketing platform. It has offices in Brighton UK, New York, San Francisco, Berlin, Stuttgart, Paris, Singapore and soon Sydney.

We’ve finalized the Vancouver micro meetup tonight. We’ll be holding it at Hootsuite HQ on 5, East 8th Ave at 7pm on October 4. Extra special thanks to the folks at Hootsuite for helping out.

You must RSVP here so we know how many are attending. I’ve already picked ten companies to pitch so if you haven’t been notified please come and support your friends.

Since there will be no booze at the event we’ll have an extra special drinkathon at 9pm at a bar of your choosing. I’m open to suggestions.

N.B. – Yes, I know that’s not Vancouver. Just wanted to see if you were paying attention.